From 0915619e6fa7caec17be03d42c238df0ac0db4cf Mon Sep 17 00:00:00 2001 From: Anshul Khantwal Date: Thu, 23 Oct 2025 20:37:53 +0530 Subject: [PATCH 1/6] Deploy MongoDB MCP Server on Azure Container Apps --- deploy/azure/README.md | 94 ++++++++ deploy/azure/bicep/main.bicep | 212 ++++++++++++++++++ deploy/azure/bicep/params.json | 22 ++ deploy/azure/bicep/paramsWithAuthEnabled.json | 29 +++ 4 files changed, 357 insertions(+) create mode 100644 deploy/azure/README.md create mode 100644 deploy/azure/bicep/main.bicep create mode 100644 deploy/azure/bicep/params.json create mode 100644 deploy/azure/bicep/paramsWithAuthEnabled.json diff --git a/deploy/azure/README.md b/deploy/azure/README.md new file mode 100644 index 00000000..96e8ed60 --- /dev/null +++ b/deploy/azure/README.md @@ -0,0 +1,94 @@ +# Deploy MongoDB MCP Server on Azure Container Apps + +## Overview +This directory contains an Azure Bicep template (`bicep/main.bicep`) and supporting parameter files for deploying the infrastructure required to run the MongoDB MCP (Model Context Protocol) server. Use this guide to prepare prerequisites, select the appropriate parameter file, and run the deployment end-to-end. + +## Prerequisites +- Azure CLI (2.55.0 or later) installed and signed in (`az login`). +- Azure subscription with permissions to deploy the required resources. +- Docker installed locally for building container images. +- Azure Container Registry (ACR) to host the MongoDB MCP server image. +- MongoDB MCP server container image available in your registry (instructions below). + +## Prepare the MongoDB MCP Docker Image +If you already have a tagged image in your ACR, skip this section. Otherwise, build and push the image using the official Dockerfile: + +```powershell +# 1. Clone the MongoDB MCP server repository +git clone https://github.com/mongodb-js/mongodb-mcp-server.git +cd mongodb-mcp-server + +# 2. Log in to your Azure Container Registry +$acrName = "" # without the .azurecr.io suffix +az acr login --name $acrName + +# 3. Build the MongoDB MCP server image +$tag = "$acrName.azurecr.io/mongodb-mcp-server:latest" +docker build -f Dockerfile -t $tag . + +# 4. Push the image to your ACR +docker push $tag +``` + +Record the fully qualified image name (FQIN) for later use in your parameter file, e.g. `myregistry.azurecr.io/mongodb-mcp-server:latest`. + +## Parameter Files +Two sample parameter files are provided to help you tailor deployments: + +- `bicep/params.json`: Baseline configuration that deploys the MongoDB MCP server with authentication disabled or using default settings. Use this when testing in development environments or when external authentication is not required. +- `bicep/paramsWithAuthEnabled.json`: Extends the baseline deployment and enables explicit authentication configuration (for example, username/password, secrets, or identity inputs). Use this when you want the server protected with credentials. + +> **Tip:** Update the image reference, secrets, networking, and any other environment-specific values in the chosen parameter file before deployment. + +## Deploy the Bicep Template +1. **Set common variables (PowerShell example):** + ```powershell + $location = "eastus" + $resourceGroup = "mongodb-mcp-demo-rg" + $templateFile = "bicep/main.bicep" + $parameterFile = "bicep/params.json" # or bicep/paramsWithAuthEnabled.json + ``` + +2. **Create the resource group (if it does not exist):** + ```powershell + az group create --name $resourceGroup --location $location + ``` + +3. **Validate the deployment (optional but recommended):** + ```powershell + az deployment group what-if \ + --resource-group $resourceGroup \ + --template-file $templateFile \ + --parameters @$parameterFile + ``` + +4. **Run the deployment:** + ```powershell + az deployment group create \ + --resource-group $resourceGroup \ + --template-file $templateFile \ + --parameters @$parameterFile + ``` + +5. **Monitor outputs:** Review the deployment outputs and logs for connection endpoints, credential references, or other values needed to complete integration. + +## Post-Deployment Checklist +- Confirm the container instance or orchestration target pulled the correct MongoDB MCP image from your ACR. +- Verify networking rules (firewalls, VNet integrations, etc.) allow intended clients to reach the server endpoint. +- If using the auth-enabled parameters, validate that credentials/secrets are stored securely (Key Vault, managed identity) and tested end-to-end. +- Document any additional operational steps (scaling, logging, maintenance) based on your environment requirements. + +## Updating the Deployment +To apply changes: +1. Update the parameter file or `main.bicep` as needed. +2. Re-run the `az deployment group create` command with the same resource group. +3. Use `az deployment group what-if` to preview differences before applying them. + +## Cleanup +Remove the deployed resources when no longer needed: + +```powershell +az group delete --name $resourceGroup --yes --no-wait +``` + +> **Reminder:** Deleting the resource group removes all resources inside it. Ensure any persistent data or backups are retained elsewhere before running the cleanup command. diff --git a/deploy/azure/bicep/main.bicep b/deploy/azure/bicep/main.bicep new file mode 100644 index 00000000..028607f8 --- /dev/null +++ b/deploy/azure/bicep/main.bicep @@ -0,0 +1,212 @@ +@description('Name of the Container Apps Environment. Leave blank to create a new one.') +param containerAppEnvName string = '' + +@description('Location of resources') +param location string = resourceGroup().location + +@description('Name of the Container App') +param containerAppName string = 'mongo-mcp-server-app' + +@description('Docker image to deploy') +param containerImage string = '/mongo-mcp-server:latest' + +@description('Container CPU (vCPU) as string. Allowed: 0.25 - 2.0 in 0.25 increments') +@allowed([ + '0.25' + '0.5' + '0.75' + '1.0' + '1.25' + '1.5' + '1.75' + '2.0' +]) +param containerCpu string = '1.0' + +// Convert CPU string to number (Bicep lacks float type; json() parses to number) +var containerCpuNumber = json(containerCpu) + +@description('Container Memory (GB)') +@allowed([ + '0.5Gi' + '1Gi' + '2Gi' + '4Gi' +]) +param containerMemory string = '2Gi' + +@description('Container App Environment Variables') +param appEnvironmentVars object = { + MDB_MCP_READ_ONLY: 'true' // set to 'false' to enable write operations + MDB_MCP_HTTP_PORT: '8080' + MDB_MCP_HTTP_HOST: '::' + MDB_MCP_TRANSPORT: 'http' + MDB_MCP_LOGGERS: 'disk,mcp,stderr' + MDB_MCP_LOG_PATH: '/tmp/mongodb-mcp' +} + +@description('Authentication mode toggle for the Container App. NOAUTH disables platform auth; MicrosoftMIBasedAuth enables Azure AD auth and enforces 401 for unauthenticated requests.') +@allowed([ + 'NOAUTH' + 'MicrosoftMIBasedAuth' +]) +param authMode string = 'NOAUTH' + +@description('Azure AD Application (client) ID used when authMode is MicrosoftMIBasedAuth. Leave blank for NOAUTH.') +param authClientId string = '' + +@description('Issuer URL (OpenID issuer) when authMode is MicrosoftMIBasedAuth. Example: https://login.microsoftonline.com//v2.0 or https://sts.windows.net//v2.0') +param authIssuerUrl string = '' + +@description('Azure AD Tenant ID (GUID) used when authMode is MicrosoftMIBasedAuth. Provided separately to avoid hard-coded cloud endpoints in template logic.') +param authTenantId string = '' + +@description('Optional array of allowed client application IDs. If empty, all applications are allowed (not recommended).') +param authAllowedClientApps array = [] + +@secure() +@description('MongoDB Connection String') +param mdbConnectionString string + +// Create Container App Environment if not provided +resource containerAppEnv 'Microsoft.App/managedEnvironments@2024-02-02-preview' = if (empty(containerAppEnvName)) { + name: 'mcp-env-${uniqueString(resourceGroup().id)}' + location: location + properties: {} +} + +// Get the Container App Environment resource ID (either existing or newly created) +var envResourceId = empty(containerAppEnvName) + ? containerAppEnv.id + : resourceId('Microsoft.App/managedEnvironments', containerAppEnvName) + +// Build environment variables array +var envVarsArray = [ + for item in items(appEnvironmentVars): { + name: item.key + value: string(item.value) + } +] + +// Additional environment variables injected when MicrosoftMIBasedAuth is enabled (merged after user-provided vars so user can override if desired) +var authEnvVars = authMode == 'MicrosoftMIBasedAuth' + ? concat([ + { + name: 'MDB_MCP_HTTP_AUTH_MODE' + value: 'azure-managed-identity' + } + { + // Tenant ID of the Azure AD tenant + name: 'MDB_MCP_AZURE_MANAGED_IDENTITY_TENANT_ID' + value: authTenantId + } + { + // Client ID of the Azure AD App representing the your container app + name: 'MDB_MCP_AZURE_MANAGED_IDENTITY_CLIENT_ID' + value: authClientId + } + ], length(authAllowedClientApps) > 0 ? [ + { + // Comma-separated list of allowed Client App IDs for access + // (only listed Client Apps are allowed if client apps specified) + name: 'MDB_MCP_AZURE_MANAGED_IDENTITY_ALLOWED_APP_IDS' + value: join(authAllowedClientApps, ',') + } + ] : []) + : [ + { + name: 'MDB_MCP_HTTP_AUTH_MODE' + value: 'none' + } + ] + +// Deploy Container App +resource containerApp 'Microsoft.App/containerApps@2024-02-02-preview' = { + name: containerAppName + location: location + identity: { + type: 'SystemAssigned' + } + properties: { + managedEnvironmentId: envResourceId + configuration: { + ingress: { + external: true + targetPort: int(appEnvironmentVars.MDB_MCP_HTTP_PORT) + transport: 'auto' + } + secrets: [ + { + name: 'mdb-mcp-connection-string' + value: mdbConnectionString + } + ] + } + template: { + containers: [ + { + name: 'mcpserver' + image: containerImage + resources: { + cpu: containerCpuNumber + memory: containerMemory + } + env: concat( + envVarsArray, + authEnvVars, + [ + { + name: 'MDB_MCP_CONNECTION_STRING' + secretRef: 'mdb-mcp-connection-string' + } + ] + ) + } + ] + scale: { + minReplicas: 1 + maxReplicas: 1 + rules: [] // disables autoscaling + } + } + } +} + +// Container App Authentication (child resource) - only deployed when MicrosoftMIBasedAuth selected +resource containerAppAuth 'Microsoft.App/containerApps/authConfigs@2024-10-02-preview' = if (authMode == 'MicrosoftMIBasedAuth') { + name: 'current' + parent: containerApp + properties: { + platform: { + enabled: true + // runtimeVersion optional + } + globalValidation: { + unauthenticatedClientAction: 'Return401' + redirectToProvider: 'azureActiveDirectory' + } + identityProviders: { + azureActiveDirectory: { + enabled: true + registration: { + clientId: authClientId + openIdIssuer: authIssuerUrl + } + validation: { + allowedAudiences: [ + authClientId + ] + // defaultAuthorizationPolicy allows restriction to specific client applications + defaultAuthorizationPolicy: length(authAllowedClientApps) > 0 ? { + allowedApplications: authAllowedClientApps + } : null + jwtClaimChecks: length(authAllowedClientApps) > 0 ? { + allowedClientApplications: authAllowedClientApps + } : null + } + } + } + } +} + +output containerAppUrl string = containerApp.properties.configuration.ingress.fqdn diff --git a/deploy/azure/bicep/params.json b/deploy/azure/bicep/params.json new file mode 100644 index 00000000..fb3db72b --- /dev/null +++ b/deploy/azure/bicep/params.json @@ -0,0 +1,22 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "containerImage": { "value": "/mongo-mcp-server:latest" }, + "containerCpu": { "value": "1.0" }, + "containerMemory": { "value": "2Gi" }, + "appEnvironmentVars": { + "value": { + "MDB_MCP_READ_ONLY": "false", + "MDB_MCP_HTTP_PORT": "8080", + "MDB_MCP_HTTP_HOST": "::", + "MDB_MCP_TRANSPORT": "http", + "MDB_MCP_LOGGERS": "disk,mcp,stderr", + "MDB_MCP_LOG_PATH": "/tmp/mongodb-mcp", + "MDB_MCP_DISABLED_TOOLS": "explain,export,atlas-create-access-list,atlas-create-db-user,drop-database,drop-collection,delete-many" + } + }, + "authMode": { "value": "NOAUTH" }, + "mdbConnectionString": { "value": "" } + } +} diff --git a/deploy/azure/bicep/paramsWithAuthEnabled.json b/deploy/azure/bicep/paramsWithAuthEnabled.json new file mode 100644 index 00000000..f02c40de --- /dev/null +++ b/deploy/azure/bicep/paramsWithAuthEnabled.json @@ -0,0 +1,29 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "containerAppEnvName": { "value": "mcp-env-wlm2rwwpyzafw" }, + "containerAppName": { "value": "mongo-mcp-server-app-with-auth" }, + "containerImage": { "value": "/mongo-mcp-server:latest" }, + "containerCpu": { "value": "1.0" }, + "containerMemory": { "value": "2Gi" }, + "appEnvironmentVars": { + "value": { + "MDB_MCP_READ_ONLY": "false", + "MDB_MCP_HTTP_PORT": "8080", + "MDB_MCP_HTTP_HOST": "::", + "MDB_MCP_TRANSPORT": "http", + "MDB_MCP_LOGGERS": "disk,mcp,stderr", + "MDB_MCP_LOG_PATH": "/tmp/mongodb-mcp", + "MDB_MCP_DISABLED_TOOLS": "explain,export,atlas-create-access-list,atlas-create-db-user,drop-database,drop-collection,delete-many" + } + }, + "mdbConnectionString": { "value": "" }, + + "authMode": { "value": "MicrosoftMIBasedAuth" }, + "authClientId": { "value": "97251c0f-95cd-4a6f-8414-ae34319fbb29" }, + "authIssuerUrl": { "value": "https://login.microsoftonline.com/888d76fa-54b2-4ced-8ee5-aac1585adee7/v2.0" }, + "authTenantId": { "value": "888d76fa-54b2-4ced-8ee5-aac1585adee7" }, + "authAllowedClientApps": { "value": ["6553980f-5268-4494-b1b2-233ba381fb6e"] } + } +} From b9e8c1cbc881808c06b258f39a79e04d9194a00c Mon Sep 17 00:00:00 2001 From: Anshul Khantwal Date: Fri, 24 Oct 2025 11:08:25 +0530 Subject: [PATCH 2/6] Using official hub.docker.com/r/mongodb/mongodb-mcp-server --- deploy/azure/README.md | 28 ++----------------- deploy/azure/bicep/main.bicep | 2 +- deploy/azure/bicep/params.json | 2 +- deploy/azure/bicep/paramsWithAuthEnabled.json | 12 ++++---- 4 files changed, 10 insertions(+), 34 deletions(-) diff --git a/deploy/azure/README.md b/deploy/azure/README.md index 96e8ed60..4629da27 100644 --- a/deploy/azure/README.md +++ b/deploy/azure/README.md @@ -6,31 +6,7 @@ This directory contains an Azure Bicep template (`bicep/main.bicep`) and support ## Prerequisites - Azure CLI (2.55.0 or later) installed and signed in (`az login`). - Azure subscription with permissions to deploy the required resources. -- Docker installed locally for building container images. -- Azure Container Registry (ACR) to host the MongoDB MCP server image. -- MongoDB MCP server container image available in your registry (instructions below). - -## Prepare the MongoDB MCP Docker Image -If you already have a tagged image in your ACR, skip this section. Otherwise, build and push the image using the official Dockerfile: - -```powershell -# 1. Clone the MongoDB MCP server repository -git clone https://github.com/mongodb-js/mongodb-mcp-server.git -cd mongodb-mcp-server - -# 2. Log in to your Azure Container Registry -$acrName = "" # without the .azurecr.io suffix -az acr login --name $acrName - -# 3. Build the MongoDB MCP server image -$tag = "$acrName.azurecr.io/mongodb-mcp-server:latest" -docker build -f Dockerfile -t $tag . - -# 4. Push the image to your ACR -docker push $tag -``` - -Record the fully qualified image name (FQIN) for later use in your parameter file, e.g. `myregistry.azurecr.io/mongodb-mcp-server:latest`. +- MongoDB MCP server container image available in dockerhub registry (mongodb/mongodb-mcp-server:latest). ## Parameter Files Two sample parameter files are provided to help you tailor deployments: @@ -73,7 +49,7 @@ Two sample parameter files are provided to help you tailor deployments: 5. **Monitor outputs:** Review the deployment outputs and logs for connection endpoints, credential references, or other values needed to complete integration. ## Post-Deployment Checklist -- Confirm the container instance or orchestration target pulled the correct MongoDB MCP image from your ACR. +- Confirm the container instance or orchestration target pulled the correct MongoDB MCP image from your dockerhub. - Verify networking rules (firewalls, VNet integrations, etc.) allow intended clients to reach the server endpoint. - If using the auth-enabled parameters, validate that credentials/secrets are stored securely (Key Vault, managed identity) and tested end-to-end. - Document any additional operational steps (scaling, logging, maintenance) based on your environment requirements. diff --git a/deploy/azure/bicep/main.bicep b/deploy/azure/bicep/main.bicep index 028607f8..fd8c3ff7 100644 --- a/deploy/azure/bicep/main.bicep +++ b/deploy/azure/bicep/main.bicep @@ -8,7 +8,7 @@ param location string = resourceGroup().location param containerAppName string = 'mongo-mcp-server-app' @description('Docker image to deploy') -param containerImage string = '/mongo-mcp-server:latest' +param containerImage string = 'mongodb/mongodb-mcp-server:latest' @description('Container CPU (vCPU) as string. Allowed: 0.25 - 2.0 in 0.25 increments') @allowed([ diff --git a/deploy/azure/bicep/params.json b/deploy/azure/bicep/params.json index fb3db72b..2086eea9 100644 --- a/deploy/azure/bicep/params.json +++ b/deploy/azure/bicep/params.json @@ -2,7 +2,7 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { - "containerImage": { "value": "/mongo-mcp-server:latest" }, + "containerImage": { "value": "mongodb/mongodb-mcp-server:latest" }, "containerCpu": { "value": "1.0" }, "containerMemory": { "value": "2Gi" }, "appEnvironmentVars": { diff --git a/deploy/azure/bicep/paramsWithAuthEnabled.json b/deploy/azure/bicep/paramsWithAuthEnabled.json index f02c40de..0e246e0b 100644 --- a/deploy/azure/bicep/paramsWithAuthEnabled.json +++ b/deploy/azure/bicep/paramsWithAuthEnabled.json @@ -2,9 +2,9 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { - "containerAppEnvName": { "value": "mcp-env-wlm2rwwpyzafw" }, + "containerAppEnvName": { "value": "container-app-env" }, "containerAppName": { "value": "mongo-mcp-server-app-with-auth" }, - "containerImage": { "value": "/mongo-mcp-server:latest" }, + "containerImage": { "value": "mongodb/mongodb-mcp-server:latest" }, "containerCpu": { "value": "1.0" }, "containerMemory": { "value": "2Gi" }, "appEnvironmentVars": { @@ -21,9 +21,9 @@ "mdbConnectionString": { "value": "" }, "authMode": { "value": "MicrosoftMIBasedAuth" }, - "authClientId": { "value": "97251c0f-95cd-4a6f-8414-ae34319fbb29" }, - "authIssuerUrl": { "value": "https://login.microsoftonline.com/888d76fa-54b2-4ced-8ee5-aac1585adee7/v2.0" }, - "authTenantId": { "value": "888d76fa-54b2-4ced-8ee5-aac1585adee7" }, - "authAllowedClientApps": { "value": ["6553980f-5268-4494-b1b2-233ba381fb6e"] } + "authClientId": { "value": "" }, + "authIssuerUrl": { "value": "" }, + "authTenantId": { "value": "" }, + "authAllowedClientApps": { "value": ["",""] } } } From defce2043767010df1ccae7a365710da3e8b3fdd Mon Sep 17 00:00:00 2001 From: Anshul Khantwal Date: Fri, 24 Oct 2025 11:10:55 +0530 Subject: [PATCH 3/6] review comments - copilot --- deploy/azure/README.md | 2 +- deploy/azure/bicep/main.bicep | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/azure/README.md b/deploy/azure/README.md index 4629da27..4a62b027 100644 --- a/deploy/azure/README.md +++ b/deploy/azure/README.md @@ -12,7 +12,7 @@ This directory contains an Azure Bicep template (`bicep/main.bicep`) and support Two sample parameter files are provided to help you tailor deployments: - `bicep/params.json`: Baseline configuration that deploys the MongoDB MCP server with authentication disabled or using default settings. Use this when testing in development environments or when external authentication is not required. -- `bicep/paramsWithAuthEnabled.json`: Extends the baseline deployment and enables explicit authentication configuration (for example, username/password, secrets, or identity inputs). Use this when you want the server protected with credentials. +- `bicep/paramsWithAuthEnabled.json`: Extends the baseline deployment and enables Microsoft Entra ID (Azure AD) authentication using managed identity and client application IDs. Use this when you want the server protected with Azure AD authentication via managed identity. > **Tip:** Update the image reference, secrets, networking, and any other environment-specific values in the chosen parameter file before deployment. diff --git a/deploy/azure/bicep/main.bicep b/deploy/azure/bicep/main.bicep index fd8c3ff7..241b1565 100644 --- a/deploy/azure/bicep/main.bicep +++ b/deploy/azure/bicep/main.bicep @@ -101,7 +101,7 @@ var authEnvVars = authMode == 'MicrosoftMIBasedAuth' value: authTenantId } { - // Client ID of the Azure AD App representing the your container app + // Client ID of the Azure AD App representing your container app name: 'MDB_MCP_AZURE_MANAGED_IDENTITY_CLIENT_ID' value: authClientId } From bb79b0820452e7ccd4b20343de308333c0654ecb Mon Sep 17 00:00:00 2001 From: Anshul Khantwal Date: Tue, 28 Oct 2025 11:42:42 +0530 Subject: [PATCH 4/6] review comments feedback --- deploy/azure/README.md | 5 +---- deploy/azure/bicep/params.json | 2 ++ 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/deploy/azure/README.md b/deploy/azure/README.md index 4a62b027..2b74ff4b 100644 --- a/deploy/azure/README.md +++ b/deploy/azure/README.md @@ -49,10 +49,7 @@ Two sample parameter files are provided to help you tailor deployments: 5. **Monitor outputs:** Review the deployment outputs and logs for connection endpoints, credential references, or other values needed to complete integration. ## Post-Deployment Checklist -- Confirm the container instance or orchestration target pulled the correct MongoDB MCP image from your dockerhub. -- Verify networking rules (firewalls, VNet integrations, etc.) allow intended clients to reach the server endpoint. -- If using the auth-enabled parameters, validate that credentials/secrets are stored securely (Key Vault, managed identity) and tested end-to-end. -- Document any additional operational steps (scaling, logging, maintenance) based on your environment requirements. +- After the Azure Container Apps deployment completes, access the MCP server by visiting the application’s public endpoint with /mcp appended. Example: https://[CONTAINER_APP_NAME]..azurecontainerapps.io/mcp. ## Updating the Deployment To apply changes: diff --git a/deploy/azure/bicep/params.json b/deploy/azure/bicep/params.json index 2086eea9..137a4ca4 100644 --- a/deploy/azure/bicep/params.json +++ b/deploy/azure/bicep/params.json @@ -2,6 +2,8 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { + "containerAppEnvName": { "value": "container-app-env" }, + "containerAppName": { "value": "mongo-mcp-server-app-without-auth" }, "containerImage": { "value": "mongodb/mongodb-mcp-server:latest" }, "containerCpu": { "value": "1.0" }, "containerMemory": { "value": "2Gi" }, From 1fc50ab8d4ace3d0d4fe5d9656b6fe1eaf522152 Mon Sep 17 00:00:00 2001 From: Anshul Khantwal Date: Tue, 28 Oct 2025 11:51:15 +0530 Subject: [PATCH 5/6] review comments feedback --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index 152f3412..3ac58fec 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,8 @@ A Model Context Protocol server for interacting with MongoDB Databases and Mongo - [Command-Line Arguments](#command-line-arguments) - [MCP Client Configuration](#mcp-configuration-file-examples) - [Proxy Support](#proxy-support) +- [🚀 Deploy on Public Clouds](#deploy-on-public-clouds) + - [Azure Cloud](#azure) - [🤝 Contributing](#contributing) @@ -688,6 +690,15 @@ connecting to the Atlas API, your MongoDB Cluster, or any other external calls to third-party services like OID Providers. The behaviour is the same as what `mongosh` does, so the same settings will work in the MCP Server. +## 🚀Deploy on Public Clouds + +You can deploy the MongoDB MCP Server to your preferred cloud provider using the deployment assets under `deploy/`. Each guide explains the prerequisites, configuration, and automation scripts that streamline the rollout. + +### Azure + +For detailed Azure instructions, see [deploy/azure/README.md](deploy/azure/README.md). + + ## 🤝Contributing Interested in contributing? Great! Please check our [Contributing Guide](CONTRIBUTING.md) for guidelines on code contributions, standards, adding new tools, and troubleshooting information. From f788e47c706f19151db51a0845226ae91833c0c3 Mon Sep 17 00:00:00 2001 From: Kevin Mas Ruiz Date: Wed, 29 Oct 2025 17:55:36 +0100 Subject: [PATCH 6/6] chore: fix formatting --- README.md | 3 +-- deploy/azure/README.md | 12 ++++++++++++ deploy/azure/bicep/paramsWithAuthEnabled.json | 4 +++- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3ac58fec..588448de 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ A Model Context Protocol server for interacting with MongoDB Databases and Mongo - [MCP Client Configuration](#mcp-configuration-file-examples) - [Proxy Support](#proxy-support) - [🚀 Deploy on Public Clouds](#deploy-on-public-clouds) - - [Azure Cloud](#azure) + - [Azure Cloud](#azure) - [🤝 Contributing](#contributing) @@ -698,7 +698,6 @@ You can deploy the MongoDB MCP Server to your preferred cloud provider using the For detailed Azure instructions, see [deploy/azure/README.md](deploy/azure/README.md). - ## 🤝Contributing Interested in contributing? Great! Please check our [Contributing Guide](CONTRIBUTING.md) for guidelines on code contributions, standards, adding new tools, and troubleshooting information. diff --git a/deploy/azure/README.md b/deploy/azure/README.md index 2b74ff4b..b7ac079e 100644 --- a/deploy/azure/README.md +++ b/deploy/azure/README.md @@ -1,14 +1,17 @@ # Deploy MongoDB MCP Server on Azure Container Apps ## Overview + This directory contains an Azure Bicep template (`bicep/main.bicep`) and supporting parameter files for deploying the infrastructure required to run the MongoDB MCP (Model Context Protocol) server. Use this guide to prepare prerequisites, select the appropriate parameter file, and run the deployment end-to-end. ## Prerequisites + - Azure CLI (2.55.0 or later) installed and signed in (`az login`). - Azure subscription with permissions to deploy the required resources. - MongoDB MCP server container image available in dockerhub registry (mongodb/mongodb-mcp-server:latest). ## Parameter Files + Two sample parameter files are provided to help you tailor deployments: - `bicep/params.json`: Baseline configuration that deploys the MongoDB MCP server with authentication disabled or using default settings. Use this when testing in development environments or when external authentication is not required. @@ -17,7 +20,9 @@ Two sample parameter files are provided to help you tailor deployments: > **Tip:** Update the image reference, secrets, networking, and any other environment-specific values in the chosen parameter file before deployment. ## Deploy the Bicep Template + 1. **Set common variables (PowerShell example):** + ```powershell $location = "eastus" $resourceGroup = "mongodb-mcp-demo-rg" @@ -26,11 +31,13 @@ Two sample parameter files are provided to help you tailor deployments: ``` 2. **Create the resource group (if it does not exist):** + ```powershell az group create --name $resourceGroup --location $location ``` 3. **Validate the deployment (optional but recommended):** + ```powershell az deployment group what-if \ --resource-group $resourceGroup \ @@ -39,6 +46,7 @@ Two sample parameter files are provided to help you tailor deployments: ``` 4. **Run the deployment:** + ```powershell az deployment group create \ --resource-group $resourceGroup \ @@ -49,15 +57,19 @@ Two sample parameter files are provided to help you tailor deployments: 5. **Monitor outputs:** Review the deployment outputs and logs for connection endpoints, credential references, or other values needed to complete integration. ## Post-Deployment Checklist + - After the Azure Container Apps deployment completes, access the MCP server by visiting the application’s public endpoint with /mcp appended. Example: https://[CONTAINER_APP_NAME]..azurecontainerapps.io/mcp. ## Updating the Deployment + To apply changes: + 1. Update the parameter file or `main.bicep` as needed. 2. Re-run the `az deployment group create` command with the same resource group. 3. Use `az deployment group what-if` to preview differences before applying them. ## Cleanup + Remove the deployed resources when no longer needed: ```powershell diff --git a/deploy/azure/bicep/paramsWithAuthEnabled.json b/deploy/azure/bicep/paramsWithAuthEnabled.json index 0e246e0b..78c0a30d 100644 --- a/deploy/azure/bicep/paramsWithAuthEnabled.json +++ b/deploy/azure/bicep/paramsWithAuthEnabled.json @@ -24,6 +24,8 @@ "authClientId": { "value": "" }, "authIssuerUrl": { "value": "" }, "authTenantId": { "value": "" }, - "authAllowedClientApps": { "value": ["",""] } + "authAllowedClientApps": { + "value": ["", ""] + } } }